š
Original date posted:2016-01-07
š Original message:On Thu, Jan 7, 2016 at 6:52 PM, Pieter Wuille <pieter.wuille at gmail.com>
wrote:
> Bitcoin does have parts that rely on economic arguments for security or
> privacy, but can we please stick to using cryptography that is up to par
> for parts where we can? It's a small constant factor of data, and it
> categorically removes the worry about security levels.
>
Our message may have crossed in the mod queue:
"So can we quantify the incremental increase in security of SHA256(SHA256)
over RIPEMD160(SHA256) versus the incremental increase in security of
having a simpler implementation of segwitness?"
I believe the history of computer security is that implementation errors
and sidechannel attacks are much, much more common than brute-force breaks.
KEEP IT SIMPLE.
(and a quibble: "do a 80-bit search for B and C such that H(A and B) = H(B
and C)" isn't enough, you have to end up with a C public key for which you
know the corresponding private key or the attacker just succeeds in burning
the funds)
--
--
Gavin Andresen
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20160107/f73f2f2c/attachment.html>;
Gavin Andresen [ARCHIVE] /
npub1s4ā¦d44kw
2023-06-07 17:31:34
in reply to nevent1qā¦33j7
Author Public Key
npub1s4lj77xuzcu7wy04afcr487f0r3za0f8n2775xrpkld2sv639mjqsd44kwPublished at
2023-06-07 17:31:34Event JSON
{
"id": "3693a2635a95bd5c526d397e2dd79712355d90688fd5dfafc5d90c4406005a9e",
"pubkey": "857f2f78dc1639e711f5ea703a9fc978e22ebd279abdea1861b7daa833512ee4",
"created_at": 1686159094,
"kind": 1,
"tags": [
[
"e",
"39ee3b2141e39cb356bf3e8afab144a2e0bb0b6fbad76c57e6fb52dd7fe45506",
"",
"root"
],
[
"e",
"bb88a2c7d83f59890f1fe2a3ca50384a8c0559ee81b4cc29cac438559c51a477",
"",
"reply"
],
[
"p",
"5cb21bf5d7f25a9d46879713cbd32433bbc10e40ef813a3c28fe7355f49854d6"
]
],
"content": "š
Original date posted:2016-01-07\nš Original message:On Thu, Jan 7, 2016 at 6:52 PM, Pieter Wuille \u003cpieter.wuille at gmail.com\u003e\nwrote:\n\n\u003e Bitcoin does have parts that rely on economic arguments for security or\n\u003e privacy, but can we please stick to using cryptography that is up to par\n\u003e for parts where we can? It's a small constant factor of data, and it\n\u003e categorically removes the worry about security levels.\n\u003e\nOur message may have crossed in the mod queue:\n\n\"So can we quantify the incremental increase in security of SHA256(SHA256)\nover RIPEMD160(SHA256) versus the incremental increase in security of\nhaving a simpler implementation of segwitness?\"\n\nI believe the history of computer security is that implementation errors\nand sidechannel attacks are much, much more common than brute-force breaks.\nKEEP IT SIMPLE.\n\n(and a quibble: \"do a 80-bit search for B and C such that H(A and B) = H(B\nand C)\" isn't enough, you have to end up with a C public key for which you\nknow the corresponding private key or the attacker just succeeds in burning\nthe funds)\n\n\n-- \n--\nGavin Andresen\n-------------- next part --------------\nAn HTML attachment was scrubbed...\nURL: \u003chttp://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20160107/f73f2f2c/attachment.html\u003e",
"sig": "22425b633bc16319d03b4ae1916dd2a773e402d608bb5d6726180ac80ef6dc728d1ed92c924732fd806942d9ab146e4e96647e788c30c742b15d09882324979d"
}